Description of problem: PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension.
*** This bug has been marked as a duplicate of 169857 ***
*** Bug 239288 has been marked as a duplicate of this bug. ***